Social Engineering
“Amateurs hack systems, professionals hack people.”- Bruce Schneier, Author and Cryptographer
A Zephyr Networks Client
received a text message from his manager.
The manager hadn’t sent it.
It was a social engineering hacking attempt referred to as “Executive Phishing” or “CEO Fraud”. The hacker used publicly available company organizational information to get the name of the manager and the employee. Then the hacker impersonated the manager via text.
Had the attack been successful, the hacker would have tricked the employee into divulging valuable corporate information or performing damaging financial transactions.
Because of Zephyr Networks’ cyber security training, the employee verified the message with his manager first. A potential company data breach was avoided.
What is Social Engineering?
Social engineering uses human psychology to trick people into taking action. By invoking trust, fear, urgency or similar emotion, the victim is manipulated to engage in risky activity. Typically, the victim is convinced the perpetrator is someone they are not.
THE RISKS TO SMALL AND MEDIUM BUSINESSES ARE VERY REAL. Social engineering attacks are on the rise. Additionally, they are gaining in sophistication.
Examples of Social Engineering
Here are the 5 of the most common social engineering attacks:
Phishing
Phishing attacks seek to gain personal information and/or direct victims to suspicious websites.
Pretexting
Hackers set up a “pretext” or phony scenario that compels victims to send money or share personal information.
Baiting
Baiting tempts victims through the promise of a valued good (e.g. money, car, etc.).
CEO Fraud
Also known as “executive phishing”, the hacker impersonates a high level manager or executive.
Quid Pro Quo
Quid Pro Quo attacks entice victims with an exchange of services. “If you provide abc, I’ll do xyz”.
The Newest Risk in Social Engineering
Artificial Intelligence
Are you familiar with the term “deep fake”? Audio, images, and videos look real. But deep fakes create them using Artificial Intelligence (AI). According to Gartner “Ransomware may be today’s great vulnerability but deep-fake extortion or slander will be tomorrow’s.”
Pictures and speeches of corporate executives are publicly available. Using this information, hackers can create images, video and/or audio with AI that are amazingly accurate. As this technology advances and becomes more mainstream, the use of AI in social engineering will put businesses at an even higher degree of vulnerability.
The Zephyr Networks Cyber Security Solution
Zephyr Networks takes a holistic approach to cybersecurity.
Cybercriminals have become more adept at slipping past traditional cyber defenses, which means mere firewalls and antivirus software aren’t effective anymore.
Zephyr Networks:
- Helps small and medium businesses enhance their security culture
- Offers continued learning to business staffs
- Builds a 360-degree defense for businesses
